.\" $OpenBSD: SSL_get_finished.3,v 1.2 2021/01/30 10:48:15 tb Exp $
.\"
.\" Copyright (c) 2020 Theo Buehler <tb@openbsd.org>
.\"
.\" Permission to use, copy, modify, and distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
.\" copyright notice and this permission notice appear in all copies.
.\"
.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.Dd $Mdocdate: January 30 2021 $
.Dt SSL_GET_FINISHED 3
.Os
.Sh NAME
.Nm SSL_get_finished ,
.Nm SSL_get_peer_finished
.Nd get last sent or last expected finished message
.Sh SYNOPSIS
.In openssl/ssl.h
.Ft size_t
.Fn SSL_get_finished "const SSL *ssl" "void *buf" "size_t count"
.Ft size_t
.Fn SSL_get_peer_finished "const SSL *ssl" "void *buf" "size_t count"
.Sh DESCRIPTION
.Fn SSL_get_finished
and
.Fn SSL_get_peer_finished
copy
.Fa count
bytes from the last finished message sent to the peer
or expected from the peer into the
caller-provided buffer
.Fa buf .
.Pp
The finished message is computed from a checksum of the handshake records
exchanged with the peer.
Its length depends on the ciphersuite in use and is at most
.Dv EVP_MAX_MD_SIZE ,
i.e., 64 bytes.
.\" In TLSv1.3 the length is equal to the length of the hash algorithm
.\" used by the hash-based message authentication code (HMAC),
.\" which is currently either 32 bytes for SHA-256 or 48 bytes for SHA-384.
.\" In TLSv1.2 the length defaults to 12 bytes, but it can explicitly be
.\" specified by the ciphersuite to be longer.
.\" In TLS versions 1.1 and 1.0, the finished message has a fixed length
.\" of 12 bytes.
.Sh RETURN VALUES
.Fn SSL_get_finished
and
.Fn SSL_get_peer_finished
return the number of bytes copied into
.Fa buf .
The return value is zero if the handshake has not reached the
finished message.
.Sh SEE ALSO
.Xr ssl 3 ,
.Xr SSL_get_session 3 ,
.Xr SSL_set_session 3
.Sh STANDARDS
RFC 8446: The Transport Layer Security (TLS) Protocol Version 1.3,
section 4.4.4: Finished.
.Pp
RFC 5246: The Transport Layer Security (TLS) Protocol Version 1.2,
section 7.4.9: Finished.
.Sh HISTORY
.Fn SSL_get_finished
and
.Fn SSL_get_peer_finished
first appeared in SSLeay 0.9.5
and have been available since
.Ox 2.7 .
